Add SSL peer verification to start_tls function #87

Closed
wants to merge 2 commits into from

barn commented May 6, 2014

No description provided.

barn added 2 commits May 6, 2014 11:36
Rather than just blindly OpenSSL::SSL::VERIFY_NONE-ing, verify the peer if
we're given a PEM formatted cafile.
Explain using the start_tls method and the additions for SSL peer
verification.
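
What the first commit message describes, as an added example that is not code from this pull request or from net-ldap: a client context that uses `VERIFY_PEER` only when a PEM CA file is supplied, exercised against constructed throwaway certificates over an in-process socket pair. The helper names (`make_cert`, `client_context`, `handshake_ok?`, `demo`) and the host name `ldap.example.test` are assumptions made for the illustration.

```ruby
require "openssl"
require "socket"
require "tempfile"

# Constructed throwaway self-signed certificate for the demo.
def make_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, rand(1..2**32)
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Hypothetical helper: verify the peer only when a PEM CA file is given.
def client_context(cafile = nil)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = cafile ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
  ctx.ca_file = cafile if cafile
  ctx
end

# Runs a TLS handshake over an in-process socket pair; true if the client accepts.
def handshake_ok?(cert, key, cafile)
  server_io, client_io = UNIXSocket.pair
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert, sctx.key = cert, key
  # A rejected handshake surfaces server-side as an alert or EOF; ignore it.
  server = Thread.new { OpenSSL::SSL::SSLSocket.new(server_io, sctx).accept rescue nil }
  OpenSSL::SSL::SSLSocket.new(client_io, client_context(cafile)).connect
  true
rescue OpenSSL::SSL::SSLError
  false
ensure
  client_io&.close
  server&.join
end

def demo
  good_cert, good_key = make_cert("ldap.example.test")
  bad_cert, bad_key = make_cert("ldap.example.test") # same name, not in the CA file
  Tempfile.create(["ca", ".pem"]) do |f|
    File.write(f.path, good_cert.to_pem)
    { verify_none_untrusted: handshake_ok?(bad_cert, bad_key, nil),
      verify_peer_trusted: handshake_ok?(good_cert, good_key, f.path),
      verify_peer_untrusted: handshake_ok?(bad_cert, bad_key, f.path) }
  end
end
```

Calling `demo` returns a hash of the three handshake outcomes; the example checks the certificate chain only and does not set a host name for verification.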

RoUS commented May 21, 2014

+1 on this functionality (which I have not tested)!

barn (Author) commented May 21, 2014

We're using it in production and it seems to be working out okay so far, but please test away.

tarcieri commented Sep 4, 2014

It'd be nice if this supported using non-STARTTLS operation (i.e. talking to LDAPS directly on e.g. port 636)

jch (Member) commented Oct 31, 2014

@barn there are active maintainers on this project again. Would you be interested in rebasing your changes against the latest master?

tarcieri commented

Note that we're using this patch successfully in production. I've even added integration tests using ruby-ldapserver. However, I also modified the patch to work with :simple_tls in addition to :start_tls.

sonOfRa mentioned this pull request Nov 11, 2014

barn (Author) commented Nov 12, 2014

@jch Well I threw up a version that I think works at https://github.com/barn/ruby-net-ldap/tree/rebased-pull-87 and the tests pass, but it's not the finest code penned.

tarcieri commented

@barn I'm liking #161

jch (Member) commented Nov 12, 2014

@barn thanks for taking the time to rebase, but #161 is further along and similar in concept. If you have time, I'd love an additional pair of 👀 to go over that PR.

jch closed this Nov 12, 2014

barn (Author) commented Nov 12, 2014

@jch Agree, that does look preferable.

I'll see if I can get round to testing it on something live, but the design looks much better.
